Thinking Skeptically About Smishing



Skeptically About SmishingOrganizations need to train their employees to be on the lookout for SMS phishing (smishing), according to Jennifer Bosavage at Dark Reading. Bosavage explains that attackers exploit normal human behavior to gain access or information from employees.

“Cyberattackers leverage the way people typically respond to certain social situations to trick them into disclosing sensitive information about themselves, their businesses, or their computer systems,” Bosavage writes. “Even the smallest amount of data can be useful to hackers who are trying to complete a profile that will enable them to get access to credit, banking, and other sensitive information. So the first line of defense is to train employees to recognize their telltale but often subtle signs, as well as how their information can be used in a social engineering attack.”

Bosavage quotes April Wright, a security consultant at ArchitectSecurity.org, as saying that attackers can easily obtain open-source information to make their phishing messages appear legitimate.

“With both smishing and vishing, the source may have some information that makes them seem credible – names of co-workers, a boss' name, phone numbers, department names, etc.,” Wright said. “These are the seemingly trivial information they have gained via intelligence gathering, [smishing], phishing, or vishing. The most important thing we can do is verify.”

Wright added that employees need to have a healthy sense of suspicion in order to recognize these scams.

“We need to realize that not everyone is good and be on the lookout for questions people don't normally ask, for that feeling when ‘something isn't right,’” Wright said. “That feeling has kept humans alive and safe for hundreds of thousands of years, and we should listen to it. It's there to alert us to danger.”

New-school security awareness training can provide your organization with an essential layer of defense by teaching your employees how to avoid falling for these attacks.

Dark Reading has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Phishing

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews